#SPACyber is a practioner informed, research driven hub of cyber curriculum, thought leadership, and engagement. Focused on the national and homeland security implications of the internet our faculty, students, and partners collaborate around the common goal of understanding and ultimately informing U.S. cyber policy and the organizational structures and leaders who drive it.

For more information about the Cyber Policy & Management graduate certificate, contact the SPA Cyber Certificate team at spacybercert@american.edu.

2023 Aspen Cyber Summit

Join us in person or virtually on Wednesday, November 15 from 9AM to 5PM ET for the 8th annual Aspen Cyber Summit. Don’t miss this chance to hear from top leaders, including SPA's Diana Burley, on the latest threats, opportunities, and policy trends in cybersecurity and emerging technology.
Learn More & Register

14th Annual Billington Cybersecurity Summit

On Sept. 7, SPA's Sasha O'Connell spoke at the 14th Annual Billington Cybersecurity Summit about unleashing the power of diversity in your cyber workspace!
Learn More

WiCyS 2023

On March 18th, 2023, SPA Professor Sasha O'Connell spoke on her role as FBI's chief policy advisor for science & tech.
Learn More

National Cybersecurity Strategy Event

SPA was proud to adapt this piece from a blog post by student Clarissa Gallo (MS THSP, `23), who represented the school at the National Cybersecurity Strategy event.

After months of anticipation, the Biden-Harris Administration released its National Cybersecurity Strategy on Thursday, March 2nd. To celebrate its debut, the Center for Strategic and International Studies (CSIS) hosted a panel event that same day. Cybersecurity professionals from all sectors gathered at the organization's headquarters to hear from two of the most prominent cyber figures within federal government: Kemba Walden (Acting National Cyber Director) and Anne Neuberger (Deputy National Security Advisor for Cyber and Emerging Technologies).

Acting Director Walden provided opening remarks about the Strategy's importance, noting that its "ultimate goal is a digital ecosystem that is more inherently defensible, resilient, and aligned with our values." The Strategy, she continued, echoes previous policies but takes a new approach to the desired digital ecosystem, including "rebalancing the responsibility to defend cyberspace [and] incentivizing investments in a resilient future."

Following the opening remarks, moderator and CSIS Senior Vice President James Lewis led the two cybersecurity figures in a discussion of document’s underlying themes, including regulation, the modernization of information technology (IT), adversary disruption, implementation, and government partnerships with other sectors.

Neuberger described the potential shape of such a partnership, via sector-specific regulations for the "vulnerable" critical infrastructure mentioned in the Strategy: "As we look at putting in place these minimum cybersecurity practices, we want to ensure that's done in collaboration with the private sector; [such as with] active discussions by that sector lead agency or regulator to get private-sector feedback,” she said.

Later, Lewis posed audience questions to Walden and Neuberger, on topics from software liability reform to harmonizing regulation and the role of stakeholders. The final question came from this author, asking, "How does this strategy consider emerging technology and the need to anticipate future security needs and efforts?"

"[T]he fundamental principle of the strategy is to say we need an open, secure, and interoperable cyberspace,” answered Neuberger. “It's possible to do . . . with our partners in the private sector and countries around the world, and that, of course, includes emerging technologies as a force for good." As emerging technologies are manufactured and marketed, she continued, she hopes that "….what we've learned in cybersecurity and resilience and assurance [is applied,] while still preserving innovation."

The event concluded with a standing ovation. Though the day’s discussion lasted just over an hour, the efforts outlined in the Biden Administration's National Cybersecurity Strategy will surely keep cyber professionals across government and industry busy for a long time, as we all work to secure the nation's infrastructure, together.

James Burrell coauthors book chapter in Trends of Artificial Intelligence and Big Data for E-Health

Abstract: Embarking on a Medical Artificial Intelligence (AI) or  Big Data project includes the integration of a myriad of medical devices, wireless technologies, data warehouses, and even social networks. Cybersecurity threats are not entirely new to healthcare, but have certainly become more abundant with advent of medical AI research in radiology and were identified as one of the major healthcare risks of 2021. Many clinicians are undertaking such projects and may not have relevant training in AI and Big Data specific cybersecurity concerns. Fortunately healthcare providers and device manufacturers have the advantage of being able to take inspiration from other industries that are leading the way in the field. This review seeks to provide an introduction to cybersecurity as it pertains to healthcare, a background to both general and healthcare specific cybersecurity challenges, general approaches to improving security through both detection and preventative techniques, and ways that technology can increase security while mitigating risks. Read more.

National Archives Pioneer Pamela Wright Honored at American University

Pamela Wright’s work in fostering digital accessibility was honored with American University’s 2022 Outstanding Inclusive Technology Policy Changemaker Award.
Read More

Securing Cyberspace

On October 13, 2022, Professor Sasha O'Connell took part in a Washington Post Live policy discussion titled Securing Cyberspace: An All-Hands Effort. O'Connell was joined by Chris DeRusha, Federal CISO, and Adam Meyers, Senior VP of Intelligence at CrowdStrike. Watch the video of this segment.

Global Emerging Technology Summit

On September 16th, 2022, dozens of scholars, federal employees, policymakers, and technology professionals assembled at the first-ever Global Emerging Technology Summit. Hosted by the bipartisan, nonprofit Special Competitive Studies Project (SCSP), the event convened technology leaders from across sectors to discuss the national status quo on emerging technologies, and how to sustain the U.S.’ competitive advantage over a fast-developing China.

The impressive slate of lecturers and panelists included AU President Sylvia Burwell, Condoleezza Rice, and Henry Kissinger. National Security Advisor Jake Sullivan opened the summit by explaining the four pillars of America's tech strategy: 1) investing in our science and technology ecosystem; 2) nurturing top-STEM talent; 3) protecting our technology advantages; and 4) optimizing allies and partnerships. Panels covered the future of geopolitics, democracy, innovation, platforms, and warfare.

President Burwell explicated the role of student engagement.
 
"At a university you are a microcosm of all of these problems, whether it is the misuse of technology and misinformation…and the division and the divisiveness in terms of undermining democracy," said Burwell. "At American University, we tell our students three things: get your facts; take it off social [media]; and get it in a room. By Princeton Review's standing, we are the most politically-active campus in the nation's capital."
 
Kissinger, who served as national security advisor under Nixon and Ford, spoke on the race with China. “The fundamental challenge is [to] protect the security of the country, and, at the same time, leave open a vision of the future, and to do all of that without destroying humanity,” he said.
 
The Global Emerging Technology Summit painted an optimistic picture of the United States’ technological future while cautioning participants on the potential harm from misuse and abuse of such powerful innovations. For more information, visit the SCSP website.

SPA was proud to adapt this piece from a blog post by student Clarissa Gallo (MS THSP, `23), who represented the school at the SCSP event.

Past Events

Building A Career in Cybersecurity & Protecting Our Nation's Critical Infrastructure

American University's School of Public Affairs students had the opportunity to meet with Adam Lee, Vice President and Chief Security Officer for Dominion Energy. Adam's team protects an energy company that employs 17,000 people, serves 7 million customers across 13 states, and has a market capitalization of over $61 billion. He is also a former FBI division chief who spoke with students about his remarkable career as well as current cyber threats and challenges as well as strategies for response and resilience in this environment.

Analyzing the New National Cyber Director Role

Online Talk & Interview

Tuesday, January 26, 2021 | 10:00am - 11:00am (ET)

The Cyber Project at Harvard’s Kennedy School welcomes Sasha O’Connell (SPA Executive in Residence & Director of the Terrorism and Homeland Security Policy Master's Program), Kiran Raj (SPA adjunct professor), and Tatyana Bolton (former senior policy director for the U.S. Cyberspace Solarium Commission) in conversation with Lauren Zabierek to analyze the National Cyber Director role.

Sasha and Kiran recently published their report, The United States Needs a Cyber Director: A Roadmap for Making It Happen in 2021. You can access the Cyber Solarium Commission report here.

Life on an FBI Cyber Squad

Curriculum Highlights

JLC-695-002 Applied Cybersecurity in Nonprofit Organizations Practicum

Implementation of information and cybersecurity programs for many organizations are challenging and, often done haphazardly, if at all. Nonprofit organizations face many similar as well as different challenges when it comes to information and cybersecurity. This course will provide students with hands-on experience in the development, delivery, and results from the analysis of cyber and information security assessment process for two local nonprofit organizations. Students will explore how NIST CSF maps to other well-known assessment frameworks including NIST SP800-53, NIST SP800- 171, COBIT 5, and ISO 27000. Students will develop the assessment tool and other research through the lens of the nonprofit environment. Students will complete a controlled assessment of a local nonprofit which will help them develop skills in assessing, through the lens of cyber and information security, a business environment. Students will utilize these skills in bridging the gap between technical jargon and non-technical audiences by preparing and presenting their assessment findings to the executive leadership of the assessed nonprofit. Students will gain a practical ability to perform an information/cybersecurity risk assessment along with the process of developing and delivering the assessment as a part of the students' learning.

Instructor: Dr. Kelley Misata, Founder & CEO, Sightline Security and Executive Director, The Open Information Security Foundation

JLC-695-001 Cyber Incident Response Practicum

This practicum will focus on developing students' knowledge of the roles and responsibilities of various key stakeholders in responding to a serious cybersecurity incident. Students will learn how the U.S. government approaches cyber incidents from a legal, policy, and operational perspective, and how industry, the media, and partner nations must balance the challenges around a quickly unfolding cyber incident with incomplete information. Students will conduct a hands-on simulation of a National Security Council meeting, and role-play media companies, industry groups, and other affected organizations utilizing the policy analysis skills developed throughout this course. As part of the exercise, students will provide policy options to cabinet officials and advocate for particular actions. Following the simulation, students will have the opportunity to brief senior U.S. government officials in key cybersecurity agencies, as well as other cybersecurity experts. Students will gain a practical ability to prepare an incident response plan and develop concise, actionable written and oral policy options.

Instructors:
Iranga Kahangama, Director for Cyber Policy, National Security Council
Jonah Hill, Cyber Security Strategist, U.S. Secret Service

"Cyber policy is a dynamic and quickly-evolving area of U.S. national security policymaking. We're excited to share our experiences with the AU community and to offer a practicum that allows students to understand the challenges and options for responding to a cyber incident at a national level." - Jonah Hill, Instructor

"I’m looking forward to helping develop a strong talent pipeline for public service in the cyber policy sphere” - Iranga Kahangama, Instructor